<?php

class User {

	private $failed = false; // failed login attempt
	private $id = 0; // the current user's id
	private $date;

	function User() {
		session_start();

		if (!isset($_SESSION['uid'])) {
			$this->session_defaults();
		}

		$this->date = gmdate("'Y-m-d'");

		if ($_SESSION['logged']) {
			$this->checkSession();
		} else if ( isset($_COOKIE['eclassLogin']) ) {
			$this->checkRemembered($_COOKIE['eclassLogin']);
		}
	}

	public function checkLogin($username, $password, $remember) {
		$username = strip_all ( trim ( $username) );
		$password = md5($password);
		$sql = "SELECT * FROM eclass_user WHERE login = '" .$username. "' AND senha = '" .$password. "'";
		$result = mysql_query($sql);
		$success = mysql_num_rows($result);

		if($success) {
			$row = mysql_fetch_array($result);
			$this->setSession($row['id'], $row['login'], $row['cookie'], $remember);
			return true;
		} else {
			$this->failed = true;
			$this->logout();
			return false;
		}
	}

	public function isLogged() {
		if ( !isset($_SESSION['uid'] ) || $_SESSION['uid'] == 0 )
			return false;
		return true;
	}

	public function getData() {
		if($this->isLogged()) {
			$sql = "SELECT * FROM eclass_user WHERE login = '" .$_SESSION['username']. "' AND id = '" .$_SESSION['uid']. "'";
			$result = mysql_query($sql);
			$success = mysql_num_rows($result);

			if($success) {
				return $row = mysql_fetch_array($result);
			} else {
				$this->logout();
				return false;
			}
		}
	}

	private function session_defaults() {
		$_SESSION['logged'] = false;
		$_SESSION['uid'] = 0;
		$_SESSION['username'] = '';
		$_SESSION['cookie'] = 0;
		$_SESSION['remember'] = false;
	}

	private function setSession($id, $username, $cookie, $remember, $init = true) {
		$this->id = $id;
		$_SESSION['uid'] = $this->id;
		$_SESSION['username'] = strip_all ( trim ($username) );//htmlspecialchars($username);
		$_SESSION['cookie'] = $cookie;
		$_SESSION['logged'] = true;

		if ($remember) {
			$this->updateCookie($cookie, true);
		}
		if ($init) {
			$session = session_id();
			$ip = $_SERVER['REMOTE_ADDR'];

			$sql = "UPDATE eclass_user SET session = '".$session."', ip = '".$ip."' WHERE id = '".$this->id."'";
			mysql_query($sql);
		}
	}

	function updateCookie($cookie, $save) {
		$_SESSION['cookie'] = $cookie;
		if ($save) {
			$cookie = serialize(array($_SESSION['username'], $cookie) );
			set_cookie('eclassLogin', $cookie, time() + 31104000, '/directory/');
		}
	}

	function checkRemembered($cookie) {
		list($username, $cookie) = @unserialize($cookie);
		if (!$username or !$cookie) return;
		$username = strip_all ( trim ($username) );
		$cookie = $cookie;
		$sql = "SELECT * FROM member WHERE (username = '".$username."') AND (cookie = '".$cookie."')";
		$result = mysql_query($sql);
		$success = mysql_num_rows($result);

		if($success) {
			$row = mysql_fetch_array($result);
			$this->setSession($row['id'], $row['login'], $row['cookie'], true);
		}
	}

	function checkSession() {
		$username = strip_all ( $_SESSION['username']);
		$cookie = strip_all ( $_SESSION['cookie']);
		$session = strip_all ( session_id());
		$ip = strip_all ( $_SERVER['REMOTE_ADDR']);
		$sql = "SELECT * FROM eclass_user WHERE (login = '".$username."') AND (cookie = '".$cookie."') " .
				"AND (session = '".$session."') AND (ip = '$ip')";
		$result = mysql_query($sql);
		$success = mysql_num_rows($result);

		if($success) {
			$row = mysql_fetch_array($result);
			$this->setSession($row['id'], $row['login'], $row['cookie'], false, false);
		} else {
			$this->logout();
		}
	}

	function logout() {
		session_destroy();
		$this->session_defaults();
	}

}

$user = new User();

?>
